11-06-2019 12:56 PM
I have several AP230 APs that act as RADIUS server for WPA2 802.1X authentication (Enterprise) and works OK, but does not work OK on APs AP320.
In the APs320, when I try to create the "AAA User Directory" configuration, with the same user that works in the APs 230, I don't join with the APs320.
Any idea why?
The error message is:
The join operation was unsuccessful and has timed out. The Active Directory server might not be reachable.
Note: Not comunication problem.
Solved! Go to Solution.
11-14-2019 04:33 PM
Hi,
I solved the problem. The problem was in NTP synchronization with DC. This caused a kerberos problem.
Regards.
11-14-2019 04:33 PM
Hi,
I solved the problem. The problem was in NTP synchronization with DC. This caused a kerberos problem.
Regards.
11-07-2019 11:59 AM
hello,
we have continued to investigate. Now, the error is other: "The Aerohive RADIUS server was unable to join the Active Directory domain because its account was not found in the database, causing the login attempt to fail."
In capture traffic in DC, I have seen a Kerberos error: error-code: eRR-C-PRINCIPAL-UNKNOWN (6)
I use the same user in other APs.
In Windows event viewer, I don't finde any related event.
Any idea?
Thanks you so much.
11-06-2019 04:10 PM
Hi,
Thanks for you answer.
I don't management AD, but I will try to get AD logs. I have seen with Wireshark that the traffic is received (and answered) in DC.
Regards
11-06-2019 03:49 PM
Do you see the join request logged in your Active Directory logs? Are there any errors or does it say the join request was successful?